gbrain: sync converted org-mode brain files

ideas/compliance/apra-cps-234.org

@@ -0,0 +1,27 @@
+:PROPERTIES:
+:ID:       auto-apra-cps-234
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: APRA CPS 234 (Prudential Standard — Information Security)
+#+filetags: :passepartout:compliance:framework:apra:
+
+** APRA CPS 234 (Prudential Standard — Information Security)
+
+Australian Prudential Regulation Authority standard for regulated financial
+institutions. Requires: clearly defined information security roles and
+responsibilities, periodic cybersecurity capability assessments, robust control
+testing, timely remediation of control weaknesses, mandatory notification of
+material incidents to APRA within 72 hours.
+
+Who must comply: Banks, insurers, superannuation funds regulated by APRA.
+~500 entities.
+
+Penalties: APRA can impose capital requirements, license conditions, or
+license cancellation for non-compliance. Personal liability for board and
+senior management.
+
+Why it matters: CPS 234's control testing requirement creates demand for
+continuous verification — exactly what the gate stack and evaluation harness
+provide. First-mover advantage: CPS 234 is mature (2019) but enforcement is
+escalating. No vendor provides a deterministic control-testing pipeline.
+